b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
03-08-2022 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
Size

5.8MB
MD5

9c7548d6a16cd7107912da73c986c131
SHA1

7cf1da1b1f8cdd2759625c8af80ffc2ff2e0027d
SHA256

b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177
SHA512

27a740f2a3e21e96bc45c0b7eb7d94fe486a0d562c8a2395e7f29a4a2a5260d5df3b05d5d9be2c91159b92c126fa390c777d4ad9cee7bef3d78d015b10d1b83c

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/2016-55-0x0000000000400000-0x0000000000D8E000-memory.dmp	vmprotect
behavioral1/memory/2016-57-0x0000000000400000-0x0000000000D8E000-memory.dmp	vmprotect
behavioral1/memory/2016-58-0x0000000000400000-0x0000000000D8E000-memory.dmp	vmprotect

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe

pid	process
2016	b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
2016	b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe

C:\Users\Admin\AppData\Local\Temp\b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
"C:\Users\Admin\AppData\Local\Temp\b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2016

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x0000000076291000-0x0000000076293000-memory.dmp

Filesize
8KB

Download
memory/2016-55-0x0000000000400000-0x0000000000D8E000-memory.dmp

Filesize
9.6MB

Download
memory/2016-57-0x0000000000400000-0x0000000000D8E000-memory.dmp

Filesize
9.6MB

Download
memory/2016-58-0x0000000000400000-0x0000000000D8E000-memory.dmp

Filesize
9.6MB

Download